IT AUDIT FUNDAMENTALS

– Analysis of the IT Audit function and its contribution to the company’s mission and strategy
– Definition of the roles and responsibilities of the IT Audit function
– Relationships with governance and risk management
– Differences between internal and external auditing.
– In-depth analysis of the role of IT Audit within the company and how it collaborates with other auditors and experts.

– An in-depth look at establishing, managing, and monitoring internal and IT controls
– The purpose of IT internal controls and their contribution to achieving business objectives
– Identifying the different types of controls and distinguishing between IT risk and related controls
– Differences between preventive, detective, and corrective controls
– Evaluating controls and defining the benefits of a risk-based audit
– The Agile approach to auditing
– Defining audit risks and how to reduce them

– Conducting IT audits: the different types and related procedures, objectivity, and professional care
– Specialized assessments (e.g., vulnerability) and related scanning and testing activities (e.g., penetration).
– Audit Advisory, consulting roles, and services to improve the value, quality, and control of IT systems
– Purposes of independent third-party assurance or attestation and their use
– Planning and conducting IT audits in compliance with professional standards
– Collecting and evaluating different types of audit evidence
– Using data analysis tools to streamline audit processes
– Collecting reports, findings, and recommendations for stakeholders
– Audit follow-up and evaluating how risk has been addressed

– Description and assessment of the most common IT infrastructure components
– Identifying concerns related to hardware, software, operating systems, and networks
– Conducting periodic IT infrastructure reviews
– Evaluating database structures and their management
– Cloud Computing: characteristics, risks, and control
– Evaluating change, configuration, release, and patch management policies and practices
– Business Continuity, Disaster Recovery, and Data Backup

– Perimeter network security: protecting data, assets, and company information
– Risks and controls related to Windows and UNIX®/Linux operating systems
– Description of security vulnerabilities and risks of mobile (web) apps
– Security and risk assessment related to the use of Windows Active Directory and Oracle
– Analysis of corporate information security and privacy policies and practices
– Assessing the protection of corporate media and mobile devices

– AI (Artificial Intelligence): basic concepts, expert systems, and associated risks
– Big Data: technical/operational risks for the company and approaches for adequate risk management
– Blockchain: corporate use of methodologies and assessment of the blockchain technology control environment
– IoT: device types, value, and risks for the company
– Cybersecurity: key processes and associated controls.